Bind9 with delegation to MS DNS for sub domain

I am wanting to get Bind to answer for primary domain and then onpass queries for sub domain to MS DNS. I dont really want to try and get MS AD to use BIND :)

In Future in the back of my mind DNSSEC and LetsEnc/Certbot are probably going to have to get implemented.

But first, I cant get it to work as it stands.

This is where I had got to

In Bind9

/etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";

/etc/bind/named.conf.local

acl internals {
    127.0.0.0/8;
    10.8.23.0/24;
    10.2.0.0/24;
};

view "internal" {
    match-clients { internals; };
    allow-recursion { internals; };
    zone "example.uk" {
        type master;
        file "/etc/bind/internals/db.example.uk";
        allow-transfer { 10.8.23.74; };
        also-notify { 10.8.23.74; };
    };
};

/etc/bind/internals/db.example.uk

$ORIGIN uk.
$TTL    604800
ecample       IN      SOA     ns1.example.uk. hostmaster.example.uk (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
$ORIGIN example.uk.
              IN      NS      ns1.example.uk.
              IN      NS      ns2.example.uk.
ns1           IN       A      10.8.23.73
ns2           IN       A      10.8.23.74
mail          IN       A      10.8.23.80
$ORIGIN sub.example.uk.
              IN      NS      10.8.23.15

/etc/bind/named.conf.options

options {
        dnssec-validation auto;
        listen-on-v6 { none; };
        allow-query { any; };
};

dig @10.8.23.73 ns1.example.com returns 10.8.23.73

dig @10.8.23.15 ns1.sub.example.uk returns 10.8.23.15 (as that is set in MS DNS)

But dig @10.8.23.73 ns1.sub.example.uk returns Answers 0